Posted Mar 24, 2010 22:38 UTC (Wed) by PaulWay (✭ supporter ✭, #45600)
Parent article: Blaze: The Spy in the Middle
In a way this shouldn't surprise anyone. The weakest link in issuing SSL certificates has always been the question of how much checking the issuing CA does to make sure that the requester of the certificate has the right to ask for that certificate - I shouldn't be able to get a certificate for a domain if I'm pretending to be "Google Inc." (the real one doesn't have the dot). How hard do they check? How do we know that they haven't just been bribed to give it, or strong-armed by their government? How do we know that the person who got this certificate hasn't shopped around to find the CA that offers the least amount of checking? We don't, that's the problem.
But I disagree with Matt's assertion that this means we have to invent a new certificate signing and authentication technology in order to solve this. This is not a technological problem, it's a social one. We need to reduce the number of Certificate Authorities, ensure they verify everything to the same (high) standard as everyone else, and make the process open so that we can verify it. The issue of the Chinese CA in Firefox only highlights this issue. Coming up with a standard even more complex than X.509 is not the answer.
Posted Mar 24, 2010 23:27 UTC (Wed) by dlang (✭ supporter ✭, #313)
The problem with reducing the number of CAs is that it gives those companies monopoly power to set the pricing of the certs.
Remember, these are the same companies that have charged $300 for a cert, but upped the price to $900 if you wanted the cert to have a flag turned on to let export browsers use full encryption strength.
Blaze: The Spy in the Middle
Posted Mar 24, 2010 23:56 UTC (Wed) by martinfick (subscriber, #4455)
Not to mention that by compromising/bribing/strong-arming one CA, you would now potentially compromise more certificates. This makes it more valuable to compromise a single target CA, and thus more worth the effort.
Blaze: The Spy in the Middle
Posted Mar 25, 2010 5:40 UTC (Thu) by branden (subscriber, #7029)
Does *every* LWN discussion have to degenerate into Mark Shuttleworth-bashing?
Blaze: The Spy in the Middle
Posted Mar 25, 2010 12:08 UTC (Thu) by stevan (subscriber, #4342)
:-) That comment must have taken some thawte.
Blaze: The Spy in the Middle
Posted Mar 26, 2010 21:56 UTC (Fri) by dlang (✭ supporter ✭, #313)
Huh? Where was the Mark Shuttleworth bashing in this thread? I was talking about the pricing that Verisign puts on certs.
Blaze: The Spy in the Middle
Posted Mar 26, 2010 22:30 UTC (Fri) by foom (subscriber, #14868)
It was a joke.
Mark Shuttleworth is rich enough to fund Ubuntu because he sold Thawte (another company that used to sell overpriced certs) to Verisign in 1999.
Blaze: The Spy in the Middle
Posted Mar 26, 2010 23:29 UTC (Fri) by nix (subscriber, #2304)
And stevan's comment was one of the worst puns I've seen this year.
Cert generation
Posted Mar 28, 2010 6:28 UTC (Sun) by man_ls (subscriber, #15091)
$900 to generate a random prime number, no matter how long, does indeed seem a bit steep. Nowadays even $10 is a ripoff: it takes about 10 seconds of CPU time.
Cert generation
Posted Mar 28, 2010 6:46 UTC (Sun) by dlang (✭ supporter ✭, #313)
To be fair, the cost of the cert is supposed to cover the cost of validating the identity of the person asking for the cert and then to maintain housekeeping things like security, redundancy of the signing key, revocation list, etc.
The thing that makes the $900 so bad is that all of this work needed to be done for the $300 cert as well; the only difference between the $300 and $900 option is a tag inside the cert. Most cert vendors don't have the two grades anymore.
Also, since the export browser restrictions were lifted, there really shouldn't be anyone using an 'export browser' that would act any differently with the two types of certs (when was the last 'export' browser shipped?). If anyone is still using such a browser, they have so many security holes that downgrading the encryption to 40 bits is a minor risk.
Profit!
Posted Mar 28, 2010 8:11 UTC (Sun) by man_ls (subscriber, #15091)
The marginal cost of an additional certificate, in terms of keeping backups and revocation lists and securing master keys is close to zero. Storing and sending 2KB has always been cheap. The only item with an appreciable marginal cost is identity validation, and the validation done by "certificate authorities" is a joke, now as always. Why? Because they are businesses; you just have to follow the incentives.
Imagine the amount of identity validation done by credit agencies such as Visa, or even by banks: they are very superficial. These guys are actually giving you credit, and they will have to pay if you don't. Even so, the amount of validation is (at least here in Europe) hardly worth 10, according to my own estimations. Now what incentives do CAs have to make thorough checks? They are not giving you credit, and they have zero liability if you are not who you claim to be. Therefore it makes good business sense to skim over any ID presented and not think twice about it.